Achieving Greatness by Daring to Risk - FST...Achieving Greatness by Daring to Risk Mohamed Ridza Wahiddin, PhD, DSc Deputy Rector (Research & Innovation)/CIO 3 September 2014 © 2014

Achieving Greatness by Daring to Risk

Mohamed Ridza Wahiddin, PhD, DSc

Deputy Rector (Research & Innovation)/CIO

3 September 2014

© 2014 IIUM. All Rights Reserved.


Context of Discussion…Presentation Outline



Creativity

•Connecting the dots … making

connections where none existed before

•Christopher Sholes made a connection

between piano keys and a writing

machine to invent the TYPEWRITER


Innovation

•Taking Creativity to the NEXT LEVEL


Innovation (Tom Gorman)

• INNOVATION is the act of developing a new

product, service or process based upon a

new idea.

• To innovate means to come up with some

new thing, not just a new idea.

• INNOVATION = Problem Solving

• INNOVATION is the engine of the world’s

economy because there is no end to the

problems in this world, and there never will

be.

• INNOVATOR is anyone with a solution to a

problem


Lifestyle Marketing and Ralph Lauren


Lifestyle Marketing and Ralph Lauren


• What problem did Ralph Lauren solve?

• The problem of how to sell more high-

quality merchandise at higher prices to

a larger market.



Take-home Message• The role of risk manager should be to help build a culture that

encourages all employees to take risks—prudent risks, of

course. That builds resilience into a company without stifling

progress. With shared responsibility for assessing what could

put an organization at peril comes a sense of motivation,

ownership, and self-reliance—as well as improved decision-

making—throughout all levels of the company

• The risk manager needs to shift employees’ attitudes about

risk from one of fear and silence toward one of collaboration

and teamwork. This mind-set change can be summed up as

moving from preventing people from doing things (“don’t do”)

to giving them a road map that allows them to do things freely,

but within a common set of guidelines (“this is how you

navigate”)



Take-home Message1. Many companies have established “stage gates”,

essentially a funnelling process designed to reduce

uncertainty as exposure to risk grows. In many cases,

however, the stage gating process is too focused on re-

enforcing what the company does well today and the

funnels end up producing only weak, incremental ideas that

come to market slowly and lack emphasis on new areas for

expansion

2. Ironically, another common impediment to innovation is an

existing corporate culture that overly celebrates and

rewards success. In these cultures, it is rare to find

someone who has been able to rise in the ranks with a

failed experiment on his or her resume, even if the failure

provided valuable insights about future opportunities


Take-home Message3. Venture capital firms – typically designed to manage risk

and encourage innovation – can provide some important

lessons for large organizations seeking to advance the

cause of innovation. These firms typically create a portfolio

of investments and engage with the management team

through the development process regarding new insights

and unanticipated opportunities resulting from new

learnings in the process. These firms also know in advance

that most experiments will fail



Take-home Message• Call it “getting the A out of Angel”—that is, figuring out how

to survive the leap from the initial angel round of private

investments to the Series A investment round underwritten

by venture capital firms. This leap has become the new

deal breaker—and because of that, the new obsession—for

new technology start-up firms in the Valley (and everywhere

else)

• Here’s how the system used to work: You have an idea, or

license to commercialize a technology, and you form a team

to build a company to bring that product to market. You put

together a business plan; then you go out and pitch that

idea to family, friends and business contacts in hopes of

raising enough money from these angel investors to get

underway and, with luck, build a demonstration product or

prototype that will appeal to professional investors.


Take-home Message

• Typically, the goal is to reach $250-500K in this angel

round. In our software app/social networking era, that’s

usually enough to develop a strategic vision, identify

potential customers and strategic partners, rent office

space, hire a CEO and a CTO, line up a code-writing team

in Buenos Aires or Bangalore to do the coding and contract

a graphic designer to prepare the screen shots. By the end

of process, your burn rate is $30-50K per month—so you’ve

got about six months to ready yourself for the next phase


Take-home Message

• In the traditional start-up model, this was usually enough.

Phase II, which typically costs between a half-million and a

million dollars, gets you to a working demonstration, even a

full prototype, of your product. This money usually comes

from so-called early stage venture capitalists who have

assembled funds specifically to pursue investments in the

high-risk/high-return game of putting money into start-ups

that are still young and largely unproven. A lot of VCs—and

their investors—got very, very rich making these seed round

investments


Take-home Message

• That was then. All of that changed in the first years of this

century. That’s when the dot.com bubble popped—and

billions of dollars evaporated overnight. That crash killed a

number of second and third-tier venture capital firms; but

even those that survived found themselves with a lot of

unhappy investors—and busted funds hanging around their

necks like albatrosses for years to come.


Take-home Message

• Investors have learned just enough of a lesson from the

dotcom bust to believe two things:

1. High risk ventures are too risky. Sure, Benchmark made

billions on eBay, and Sequoia did the same on Google.

But when the e-commerce industry collapsed for every

winner like those two, thousands of other start-ups—all

looking just as good on paper—died. As a result, today’s

fund investors, if they don’t demand a sure thing, expect

something pretty close to it. That means where they used

to demand a business plan and a founder team, they now

require a demonstration product, a veteran executive

team, and even an installed base of users/customers.


Take-home Message2. All VCs aren’t the same. Hard as it is now to believe, up

until the bust the common view, especially among naïve

entrepreneurs, was that all venture capitalists were pretty

much the same. If they had ready money—and most of

them did, even if it was a bit sketchy—they were good to

go. Big investors don’t believe that anymore. That has

led to the shakeout of a number of VCs firms, both

veteran and fly-by-night, over the last decade. But even

more stunning is the fact that some of the most legendary

and admired VC firms in the Valley have failed, largely

because of misguided recent investments (Kleiner-

Perkins’ obsession with green technology) to capture this

big investment money and have tumbled to second-tier

status.


Take-home Message3. There are no IPOs. More precisely: not enough. The

traditional venture capital model was based on a

liquidation event—the initial public offering of stock—that

regularly offered a stunning payback on the original

investment just a half-dozen years later. Not every VC-

backed start-up went public, of course, but enough (10 to

20 percent) did, and produced enough reward, to make

the whole system both viable and appealing. But that,

too, ended with the bursting of the dotcom bubble and the

crash of 2001. Congress, intent on punishing what it saw

as a giant and corrupt Ponzi scheme (and insufficient

tribute money from the high-tech sector) instituted a

series of laws and regulations—Sarbanes-Oxley, changes

in stock option accounting, rules on director

accountability—that essentially plugged the IPO pipeline.



1. The first is the incredible pace of technological change. CIOs

need to place bets—like VCs do—that a given product or

service is going to hit the market at the right time and fill a

niche that others don’t. It’s often no longer acceptable to use

one vendor for all your technology needs

2. Second, given all the information now accessible to everyone,

it’s hard to gain a competitive advantage. VCs try to create a

competitive advantage by investing in companies to make a

profit— and CIOs try to create a competitive advantage by

investing in services and capabilities to reap the benefits

before competitors can

3. And third, to avoid trailing your competitors, CIOs need to take

risks. VCs take balanced risks, conducting market research,

and being thoughtful about selection and the company’s fit with

the team.

Charles Weston, SVP and chief information officer (retired),

Bloomin’ Brands Take on CIO as Venture Capitalist



Operational Risks•The Bank has a dedicated security function and the IT security

framework (that is currently being updated) provides an

integrated, organisation-wide program for managing information

security risks. Extensive control measures are in place, including

technology-based mitigations and non-technical mitigations

revolving around IT security policies, training, and incident

management procedures.

•Systematic external and internal security monitoring and testing

arrangements are in place. They reveal extraordinary numbers of

potential threats. Suspicious events triggering alerts number

around 500 million per month.

•Operational risks, be they security, business continuity or service

delivery, are most effectively managed through a risk management

approach that is integrated into the business and culture of the

organisation.



Take-home Message

• Ken Grady, CIO of New England Biolabs, is going through a

data valuation exercise to figure out how much and what

kind of insurance to buy for the company's information

assets. But not everything is worth protecting. For example,

PowerPoint presentations from routine meetings, videos

from a training seminar and chemical safety sheets are

everywhere and easily reproduced, he says. Sorting the

mundane from the valuable "requires us to really

understand and assess which types of data have a financial

value if compromised and which don't."


Insurance companies offer cybersecurity

policies to reimburse expenses related to breaches and theft,

but the value of the data isn't the central issue, says Reynold

Siemens, an attorney at the law firm Pillsbury Winthrop Shaw

Pittman. He represents policyholders trying to extract payments

from insurers.

•Rather than value the data at the centre of the situation, the two

sides quantify the costs of the incident, such as customer

notifications, technology to stop or prevent a future breach, fines

and judgments, he says.

•Policies and premiums are determined based on assessments

like these, for which the two sides can estimate a dollar value. But

the data itself isn't insured, Siemens says, though it is possible to

buy insurance to cover the cost of reconstructing or repairing

damaged data

http://www.cio.com/article/751975/5_Things_You_Need_to_Know_About_Cybersecurity_Insurance



“Evidence-based knowledge, including context, mechanisms,

indicators, implications and

actionable advice about an existing or emerging menace or

hazard to assets that can be used to

inform decisions regarding the subject’s response to that

menace or hazard.” - GARTNER on Threat Intelligence -

Concluding Remarks


• CIOs need to think like a venture capitalist

• CIOs need to know the value of the ‘I’ in their title

• CISO Recommendation:“Use a commercial threat

intelligence service to

develop informed tactics

for current threats, and

plan for threats that may

exist in the midterm future.”

Rob McMillan & Kelly Kavanagh

Technology Overview for Security Threat Intelligence Service Providers


Achieving Greatness by Daring to Risk - FST...Achieving Greatness by Daring to Risk Mohamed Ridza Wahiddin, PhD, DSc Deputy Rector (Research & Innovation)/CIO 3 September 2014 © 2014

Documents